PF pf filter for ipv6 traffic class

P

Patrick Mackinlay

I am trying to configure my packet filter to put ssh traffic into a specific queue for bulk and interactive traffic. This works great for ipv4 with filter rule like:
Code: 
pass on $ext_if proto tcp from any to any port 22 queue (qwanstd, qwanhigh)
However a similar rule for ipv6:
Code: 
pass on $ext_if inet6 proto tcp from any to any port 22 no state queue (qwanstd, qwanhigh)
doesn't work. It seems the packet filter ignores the ipv6 traffic class byte in the ip header.

Even if I use a rule like:
Code: 
pass quick on $ext_if inet6 proto tcp from any to any port 22 tos 0x10 no state queue (qwanhigh, qwanhigh)
It seems the packet filter cannot ever match that line. I am using FreeBSD 11. Does anyone know how I can create a rule for ipv6 packets with a traffic class of 0x10
 
I agree that the first rule should match ipv6 as well as ipv4, and I suppose it does since the extra 2 lines make no difference to how ipv6 packets are treated. Note that there are no other matching rules, I even tried with the quick flag. However, ipv6 traffic class is still ignored, all ipv6 packets are queued in
qwanstd regardless of traffic class. Ipv4 packets are queued correctly in the 2 different queues. The $ext_if macro is just my WAN interface.

Code: 
ext_if="tun0"

Note that if I run tcpdump and start an ssh session I can see that the traffic class for ipv6 packets is 0x10 (and the TOS for ipv4 is 0x10) for interactive packets. So it just seems to me that the packet filter simply doesn't support the ipv6 traffic class header.
 
You must log in or register to reply here.
Back
Top